Great! Let’s dive deeper into AWS Config's Relationships Tab and AWS Perspective, two of the best AWS-native tools for discovering and mapping application resources and their dependencies.
1. AWS Config → Resources → Relationships Tab
What is AWS Config?
AWS Config is a service that continuously records configuration changes to your AWS resources and enables you to:
- View all resources
- Understand how resources are connected (e.g., EC2 → Security Group → VPC)
- Track historical changes
- Audit compliance over time
What is the Relationships Tab?
When you select a resource in AWS Config, the "Relationships" tab shows linked resources. For example:
| Resource Type | Relationship |
|---|---|
| EC2 instance | Linked to Security Group, Subnet, IAM Role, EBS Volume |
| Lambda | Linked to IAM Role, Log Group, VPC, Layers |
| ALB | Linked to Target Group, Listener, EC2s |
✅ Example:
- Select an EC2 instance.
- Click Relationships.
- You’ll see:
  - Its Security Group
  - Its Subnet/VPC
  - Attached IAM Role
  - EBS Volumes
- This helps you reconstruct architecture visually and logically.
How to Use:
- Go to AWS Console → AWS Config
- Click "Resources"
- Search or filter by resource type or region
- Select a resource → open the "Relationships" tab
Limitation:
- Config must be enabled in advance to see history.
- Doesn’t visualize architecture like a diagram (use AWS Perspective or CloudMapper for that).
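
The relationships shown on the tab are also stored in each configuration item's relationships list, so the same mapping can be done in code. The Python below is an added example, not part of the original post: it builds a dependency graph from such items and answers "what does this resource depend on?" and "what is affected if this security group or VPC changes?". The sample items, resource IDs and the names build_graph and reachable are constructed for illustration, and the "Contains" prefix filter is an assumption about how inverse edges are named.

```python
from collections import defaultdict, deque

# Constructed sample: trimmed configuration items (made-up IDs) in the shape
# AWS Config returns, each carrying a "relationships" list.
def _item(rtype, rid, rels):
    return {"resourceType": rtype, "resourceId": rid, "relationships": [
        {"resourceType": t, "resourceId": i, "relationshipName": n}
        for t, i, n in rels]}

INSTANCE, SG = "AWS::EC2::Instance", "AWS::EC2::SecurityGroup"
SUBNET, VPC, VOLUME = "AWS::EC2::Subnet", "AWS::EC2::VPC", "AWS::EC2::Volume"

SAMPLE_ITEMS = [
    _item(INSTANCE, "i-0aaa", [
        (SG, "sg-0web", "Is associated with SecurityGroup"),
        (SUBNET, "subnet-0a", "Is contained in Subnet"),
        (VOLUME, "vol-0a", "Is attached to Volume")]),
    _item(INSTANCE, "i-0bbb", [
        (SG, "sg-0web", "Is associated with SecurityGroup"),
        (SUBNET, "subnet-0b", "Is contained in Subnet")]),
    _item(SUBNET, "subnet-0a", [
        (VPC, "vpc-0main", "Is contained in Vpc"),
        (INSTANCE, "i-0aaa", "Contains Instance")]),  # inverse edge
    _item(SUBNET, "subnet-0b", [(VPC, "vpc-0main", "Is contained in Vpc")]),
]

def build_graph(items):
    """Return (depends_on, used_by) adjacency maps keyed by (type, id)."""
    depends_on, used_by = defaultdict(set), defaultdict(set)
    for item in items:
        src = (item["resourceType"], item["resourceId"])
        for rel in item.get("relationships", []):
            # Assumption: inverse edges are named "Contains ..."; skip them so
            # the graph only points from a resource to what it depends on.
            if rel["relationshipName"].startswith("Contains"):
                continue
            dst = (rel["resourceType"], rel["resourceId"])
            depends_on[src].add(dst)
            used_by[dst].add(src)
    return depends_on, used_by

def reachable(graph, start):
    """Breadth-first walk: every node reachable from start (start excluded)."""
    seen, queue = set(), deque([start])
    while queue:
        for nxt in graph.get(queue.popleft(), ()):
            if nxt != start and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen
```

Walking used_by from a security group or VPC lists every resource that a change to it would touch, which is the question to answer before editing a shared rule.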
2. AWS Perspective – Official Architecture Visualizer
What is AWS Perspective?
AWS Perspective is an official AWS solution that:
- Automatically discovers resources in your account
- Generates interactive architecture diagrams
- Helps in understanding applications, dependencies, and regions
Key Features:
| Feature | Description |
|---|---|
| Architecture Diagrams | Auto-draw diagrams with grouped components |
| Filtering by Tags or Name | Filter view by specific application |
| Live AWS Data | Connects to your AWS account |
| Cross-account/region View | Optional multi-account support |
| Export to PNG/CSV | Shareable architecture documents |
How it Works:
It uses:
- CloudFormation stack to deploy the Perspective tool into your account
- AWS SDKs and APIs to scan services (like EC2, S3, Lambda, RDS)
- GraphQL + UI frontend to interactively explore
What It Deploys:
- An AppSync GraphQL API
- Lambda functions for discovery
- DynamoDB, S3, and Cognito for UI and storage
- An SPA dashboard to view the architecture
Setup Steps (Short Version):
- Click "Deploy with CloudFormation"
- Select Region and Launch the template
- Once deployed, open the URL to access the web UI
- Grant necessary IAM permissions for discovery
- Let it scan your account — view architecture!
Example Use Case:
Imagine you don’t know anything about your app. After deploying Perspective:
- It scans your account
- Automatically detects:
  - EC2 → Subnet → VPC
  - Load balancer connected to EC2
  - IAM roles tied to Lambda
- Draws a full dependency map for you
✅ Pros:
- No need to install 3rd-party tools
- Beautiful UI with search and filters
- Supports multi-region and multi-account
❌ Cons:
- Requires CloudFormation setup
- May need IAM permissions (like ReadOnlyAccess, ConfigReadOnly)
Summary: Config vs Perspective
| Feature | AWS Config | AWS Perspective |
|---|---|---|
| Visual Architecture | ❌ (Textual relationships only) | ✅ (Diagram-based, interactive) |
| Real-time Discovery | ✅ | ✅ |
| Dependency Mapping | ✅ | ✅ |
| Setup | Just enable Config | Deploy via CloudFormation |
| Best For | Compliance, traceability | Application/resource visualization |